JP2020135228A - Information processing system, information processing method, and control rule management device - Google Patents

Abstract

To make it possible to enhance security in a system that provides apparatus services by virtual currency.SOLUTION: An information processing system includes: a transaction history management unit that records and manages information on virtual currency transacted in response to an access request from a user terminal to an apparatus on a distributed ledger; a communication processing unit that stores a control rule for controlling access from the user terminal to the apparatus, and determines whether the access is permitted or not based on the control rule; and a control rule management unit that changes the control rule according to the transaction, then transmits the control rule after change to the communication processing unit, and transmits information on the control rule after change to a transaction history management unit to have it recorded on the distributed ledger.SELECTED DRAWING: Figure 14

Description

The present invention relates to an information processing system, an information processing method, and a control rule management device.

In recent years, a system for employees using a unique virtual currency has been introduced in companies and the like. For example, a virtual currency is given as a part of evaluation to employees, and the given virtual currency can be used in an employee cafeteria or the like by a dedicated application or the like.

Further, a system has been proposed that makes it possible to use a device or the like connected to a network by paying virtual currency (see, for example, Patent Document 1). In the system described in Patent Document 1, when virtual currency as a device usage fee is sent from the user terminal, transaction information is written in the ledger, and data corresponding to payment is transmitted to the user terminal to use the device. Is allowed.

In the conventional technology, when a transaction in virtual currency can be confirmed, data is sent to the target user terminal and the usage rule (control rule) in the network is rewritten in the system to provide the device service to the user. Has been realized.

However, in the conventional system, although the virtual currency is prevented from being tampered with by the blockchain, there is no mechanism for protecting the control rule. Therefore, there is a possibility that the device service may be used illegally due to falsification of control rules or the like. Further, in the conventional system, there is a problem that the past control rule cannot be restored when the control rule is erroneously changed due to a setting error or the like.

The disclosed technology is designed to solve this in view of the above circumstances, and aims to improve security.

The disclosed technology controls a transaction history management unit that records and manages information about virtual currency traded in response to an access request from a user terminal to a device in a distributed ledger, and controls access from the user terminal to the device. A communication processing unit that stores the control rule and determines whether or not to access the access based on the control rule, and after changing the control rule according to the transaction, transmits the changed control rule to the communication processing unit. It is an information processing system having a control rule management unit that transmits information about the changed control rule to the transaction history management unit and records it in the distributed ledger.

According to the present invention, security can be improved.

It is a figure which shows an example of the structure of the information processing system which concerns on 1st Embodiment. It is a figure which shows an example of the hardware composition of each apparatus which concerns on 1st Embodiment. It is a figure which shows an example of the functional structure of the information processing system which concerns on 1st Embodiment. It is a figure which shows an example of the user information managed by a user information management part. It is a figure which shows an example of the device information managed by the device information management department. It is a figure which shows an example of the time information which the time information management part manages. It is a figure which shows an example of the control rule managed by the control rule management part. It is a figure which shows an example of the reference screen of the change history of a control rule. It is a figure which shows another example of the reference screen of the change history of a control rule. It is a sequence diagram which shows an example of the control rule change processing by an information processing system. It is a figure which shows the description example of a transaction execution request. It is a figure which shows the description example of the control rule. It is a sequence diagram which shows typically the 1st use example of an information processing system. It is a sequence diagram which shows typically the 2nd use example of an information processing system.

Hereinafter, modes for carrying out the invention will be described with reference to the drawings. In the description of the drawings, the same elements are designated by the same reference numerals, and duplicate description will be omitted.
<First Embodiment>
(System configuration)
FIG. 1 is a diagram showing an example of a configuration of an information processing system according to the first embodiment. In FIG. 1, the information processing system 1 includes an SDN (Software Defined Network) switch 2, an SDN controller 3, a transaction management server 4, a system management server 5, an administrator terminal 6, and a service providing device 7. They are connected to each other so as to be able to communicate with each other via the communication network 8. Further, the user terminal 9 is communicably connected to the SDN switch 2.

The information processing system 1 is constructed in a local network environment such as a company. The information processing system 1 may be connected to the Internet.

The SDN switch 2 holds a control rule for controlling the access of the user terminal 9, and processes the packet received from the user terminal 9 based on the control rule. Specifically, the SDN switch 2 performs communication processing for determining permission / denial of packet transfer based on the conditions defined in the control rule.

The SDN controller 3 performs a relay process of converting the control rule received from the system management server 5 into a format that the SDN switch 2 can receive and transferring it to the SDN switch 2.

A so-called private blockchain (distributed ledger) is constructed on the transaction management server 4, and transaction records are generated and approved.

The system management server 5 controls the information processing system 1 in an integrated manner, and also generates and transmits control rules. Further, in the present embodiment, the private blockchain constructed on the transaction management server 4 records the change history of the control rule based on the control from the system management server 5.

The administrator terminal 6 is a terminal such as a PC (Personal Computer) operated by a system administrator or the like, and sends a control rule change request, a control rule change history transmission request, or the like to the system management server 5. Make it possible to do.

The service providing device 7 is a device that provides a service to a user who operates the user terminal 9. The service providing device 7 is a shared resource connected to the communication network 8. A plurality of service providing devices 7 may be connected to the communication network 8.

For example, the service providing device 7 is a coffee maker installed in the employee cafeteria, and permits the user to use the coffee according to the payment of the fee in the virtual currency via the user terminal 9 to provide the coffee. Further, the service providing device 7 includes various electronic devices such as a multifunction device, a printer, a scanner, an electronic blackboard, and a game machine. Further, the service providing device 7 may provide information or the like to the user terminal 9.

The user terminal 9 is a terminal such as a desktop PC, a notebook PC, a smartphone, or a tablet terminal. The user terminal 9 may be connected to the SDN switch 2 by wireless communication such as a wireless LAN. By operating the user terminal 9, the user can pay a fee in virtual currency in order to use the desired service providing device 7.
(Hardware configuration)
FIG. 2 is a diagram showing an example of the hardware configuration of each device according to the first embodiment. The hardware configuration has a general computer configuration. Here, a general computer hardware configuration example will be described.

In FIG. 2, the computer 100 includes a CPU (Central Processing Unit) 101, a ROM (Read Only Memory) 102, a RAM (Random Access Memory) 103, a storage 104, a keyboard 105, a display interface (I / F) 106, and a media interface ( It has an I / F) 107, a network interface (I / F) 108, a timer 109, and a bus line 110.

The CPU 101 is an arithmetic unit that realizes each function of the computer 100 by reading programs and data stored in the ROM 102, the storage 104, and the like onto the RAM 103 and executing processing.

The ROM 102 is a non-volatile memory that can hold programs and data even when the power is turned off. The ROM 102 is composed of, for example, a flash memory or the like. The ROM 102 has applications such as SDK (Software Development Kit) and API (Application Programming Interface) installed, and it is possible to realize the functions of the computer 100, network connection, and the like by using the installed applications.

The RAM 103 is a volatile memory used as a work area or the like of the CPU 101. The storage 104 is, for example, a storage device such as an HDD (Hard Disk Drive) or an SSD (Solid State Drive). The storage 104 stores, for example, an OS (Operation System), an application program, various data, and the like.

The keyboard 105 is a kind of input means including a plurality of keys for inputting characters, numerical values, various instructions, and the like. The input means may be not only the keyboard 105 but also a mouse, a touch panel, a voice input device, or the like. The display I / F 106 controls the display of various information such as a cursor, a menu, a window, characters, or an image on the display 106a such as an LCD (Liquid Crystal Display). The display 106a may be a touch panel display provided with input means.

The media I / F 107 controls reading or writing (storage) of data to a recording medium 107a such as a USB (Universal Serial Bus) memory, a memory card, an optical disk, or a flash memory.

The network I / F 108 is an interface for connecting a computer 100 to a communication network 8 and transmitting / receiving data to / from another computer, an electronic device, or the like. The network I / F 108 is, for example, a communication interface such as a wired or wireless LAN (Local Area Network). The timer 109 is a measuring device having a time measuring function.

The bus line 110 is commonly connected to each of the above components and transmits an address signal, a data signal, various control signals, and the like. The CPU 101, ROM 102, RAM 103, storage 104, keyboard 105, display I / F 106, media I / F 107, network I / F 108, and timer 109 are connected to each other via a bus line 110.

In the hardware configuration of each device, components may be added or deleted as needed. For example, the server may be configured without an input means and a display 106a.
(Functional configuration)
FIG. 3 is a diagram showing an example of the functional configuration of the information processing system 1 according to the first embodiment. The following parts are functions realized by a program or the like executed by the CPU 101 shown in FIG.
(SDN switch configuration)
First, the functional configuration of the SDN switch 2 will be described. The function realized by the SDN switch 2 includes a communication processing unit 2a. The communication processing unit 2a includes a communication unit 21, a control rule storage unit 22, and a packet processing unit 23. The communication unit 21 is a function of transmitting and receiving various data to and from an external device. The communication unit 21 communicates with, for example, the SDN controller 3, the system management server 5, the service providing device 7, and the user terminal 9.

The control rule storage unit 22 receives and stores the control rule for controlling the access of the user terminal 9 from the SDN controller 3 via the communication unit 21. The packet processing unit 23 processes the packet received from the user terminal 9 based on the control rule. When the packet satisfies the control rule, the communication processing unit 2a permits the communication unit 21 to transfer the packet (packet communication) to the service providing device 7 that satisfies the control rule.

The user terminal 9 includes a communication unit 91, a reception unit 92, and a display control unit 93. The service providing device 7 includes a communication unit 71 and a service providing processing unit 72. Further, the administrator terminal 6 includes a communication unit 61, a reception unit 62, and a display control unit 63.
(SDN controller configuration)
Next, the functional configuration of the SDN controller 3 will be described. The function realized by the SDN controller 3 includes a relay processing unit 3a. The relay processing unit 3a includes a communication unit 31 and a conversion unit 32. The communication unit 31 is a function of transmitting and receiving various data to and from an external device. The communication unit 31 communicates with, for example, the SDN switch 2 and the system management server 5.

The conversion unit 32 converts the control rule received from the system management server 5 via the communication unit 31 into a format that can be received by the SDN switch 2. The relay processing unit 3a transfers the control rule converted by the conversion unit 32 to the SDN switch 2 via the communication unit 31.
(Configuration of transaction management server)
Next, the functional configuration of the transaction management server 4 will be described. The function realized by the transaction management server 4 includes the transaction history management unit 4a. The transaction history management unit 4a includes a communication unit 41, a distributed ledger 42, and a record control unit 43. The communication unit 41 is a function of transmitting and receiving various data to and from an external device. The communication unit 41 communicates with, for example, the system management server 5.

The distributed ledger 42 is constructed by a private blockchain, and records and manages the balance of virtual currency and the like in a ledger for each user as transaction information. Here, the user of the distributed ledger 42 includes a system administrator who manages the service providing device 7 in addition to a user who requests the use of the service providing device 7 by using the user terminal 9. The ledger of each user is specified by the ledger address (corresponding to the account).

Further, in the distributed ledger 42, the control rule generated by the system management server 5 and the change history of the control rule are recorded.

The transaction history management unit 4a writes the deposit / withdrawal information of the virtual currency to the distributed ledger 42, manages the balance, writes the control rule and its change history, and the like.
(System management server configuration)
Next, the functional configuration of the system management server 5 will be described. The functions realized by the system management server 5 include the management application 5a. The management application 5a includes a communication unit 51, a system management unit 52, a user information management unit 53, a device information management unit 54, a time information management unit 55, and a control rule management unit 56. The control rule management unit 56 includes a control rule generation unit 56a, a control rule storage unit 56b, and a control rule transmission unit 56c.

The communication unit 51 is a function of transmitting and receiving various data to and from an external device. The communication unit 51 communicates with, for example, the SDN controller 3, the transaction management server 4, the administrator terminal 6, and the user terminal 9.

The system management unit 52 receives the operation signal transmitted from the administrator terminal 6 and the user terminal 9 via the communication unit 51, and sends the SDN controller 3, the transaction management server 4, the administrator terminal 6, the user terminal 9, and the like. , Various information is transmitted via the communication unit 51.

The user information management unit 53 manages the user information of the user who uses the user terminal 9. The user information management unit 53 holds a user ID, a user name, a ledger address of the distributed ledger 42, and a device address (MAC address) of the user terminal 9 in association with each other as user information.

FIG. 4 is a diagram showing an example of user information managed by the user information management unit 53. FIG. 4 shows a record of user information for one user. “00-00-3C-00-75-FF” in FIG. 4 represents the MAC address of the user terminal 9 registered by the user “Riko Taro” whose user ID is “ZZZ000”.

The device information management unit 54 manages the device information of the service providing device 7. The device information management unit 54 holds the device ID, the device name, the ledger address of the distributed ledger 42, the device address (MAC address), and the usage fee in association with each other as the device information. FIG. 5 is a diagram showing an example of device information managed by the device information management unit 54. “00-00-5E-00-53-FF” in FIG. 5 represents the MAC address of the device whose device ID is “AAA111”. Further, the usage fee "100" represents the usage fee of the device "coffee maker" in virtual currency.

The time information management unit 55 manages the current time based on the timer 109 shown in FIG. FIG. 6 is a diagram showing an example of time information managed by the time information management unit 55.

The control rule management unit 56 manages the generation, storage, transmission, and the like of control rules. The control rule generation unit 56a generates a new control rule when there is an instruction from the administrator terminal 6 or when a transaction in virtual currency is established and access to the service providing device 7 is permitted from the user terminal 9. To do. Further, the control rule generation unit 56a automatically changes the control rule when the accessible time from the user terminal 9 to the service providing device 7 is exceeded.

The control rule storage unit 56b stores the control rule generated by the control rule generation unit 56a. The control rule transmission unit 56c transmits the control rule stored in the control rule storage unit 56b to the relay processing unit 3a and the transaction history management unit 4a via the communication unit 51.

FIG. 7 is a diagram showing an example of a control rule managed by the control rule management unit 56. As shown in FIG. 7, the control rule includes, for example, an access source MAC address, an access destination MAC address, communication priority, access availability, start time, and end time as items.

For example, the access source MAC address is the device address of the user terminal 9. The access destination MAC address is the device address of the service providing device 7. The communication priority represents the priority when a plurality of communications compete at the same time. The communication priority "100" in FIG. 7 indicates that the priority is the highest. Accessability indicates whether or not the access source device is permitted to access the access destination device. Accessibility "1" in FIG. 7 indicates that access is permitted. The start time represents the time when the access permission is started. The end time represents the time when the access permission is terminated.

The control rule shown in FIG. 7 is from 12:00 pm to 1:00 pm on January 1, 2000, from the user terminal 9 registered by the user "Riko Taro" to the "coffee maker" as the service providing device 7. Indicates that communication is permitted with the highest communication priority.

Further, the control rule management unit 56 manages the change history of the control rule by referring to the past control rule recorded in the distributed ledger 42 of the transaction history management unit 4a. The control rule management unit 56 transmits the change history information of the control rule to the administrator terminal 6 when there is a request from the administrator terminal 6. The display control unit 63 of the administrator terminal 6 displays a reference screen of the change history of the control rule on the display 106a based on the change history information of the control rule received from the control rule management unit 56 via the communication unit 61. The system administrator can check the change history of the control rule from the reference screen displayed on the display 106a.

FIG. 8 is a diagram showing an example of a reference screen of the change history of the control rule. On the reference screen 200 shown in FIG. 8, the changer, the change date and time, the change content, and the reason for the change are displayed as items showing the change history of the control rule. The system administrator can refer to all the change histories by scrolling the reference screen 200 up and down by an operation using a mouse or the like.

FIG. 9 is a diagram showing another example of the reference screen of the change history of the control rule. On the reference screen 300 shown in FIG. 9, the changer, the change date and time, and the reason for the change are displayed as items showing the change history of the control rule. On the reference screen 300, the changed contents of the control rule are visually represented by a figure.

Further, on the reference screen 300, one control rule is shown for each page. The system administrator can refer to all the change histories by clicking the button 301 to go to the next page or the button 302 to go back to the previous page by operating with a mouse or the like. FIG. 9B shows a past control rule displayed when the return button 302 to the previous page is clicked on the reference screen 300 shown in FIG. 9A.
(Control rule change processing)
Next, the control rule change process by the information processing system 1 will be described. FIG. 10 is a sequence diagram showing an example of control rule change processing by the information processing system 1.

First, when the user operates the user terminal 9 to log in to the management application 5a of the system management server 5 (step S1), the system management unit 52 sends a device information acquisition request to the device information management unit 54 (step S1). Step S2). Upon receiving the device information acquisition request, the device information management unit 54 transmits the device information of the service providing device 7 being managed to the system management unit 52 (step S3). When the system management unit 52 receives the device information from the device information management unit 54, the system management unit 52 transfers the device information to the user terminal 9 (step S4).

The user terminal 9 displays the received device information. The user can perform the device selection operation after confirming the type and usage fee of the service providing device 7 based on the display of the device information.

When the service providing device 7 is selected by the user terminal 9 (step S5), the user terminal 9 transmits a usage request (access request) of the service providing device 7 to the system management unit 52 (step S6). This usage request includes a user ID and a device ID.

When the system management unit 52 receives the usage request, the system management unit 52 requests the user information management unit 53 to acquire the ledger address of the user (step S7). Upon receiving the request, the user information management unit 53 extracts the ledger address corresponding to the user ID from the user information and transmits it to the system management unit 52 (step S8).

Upon receiving the ledger address of the user, the system management unit 52 requests the transaction history management unit 4a to acquire the balance of the virtual currency of the user (step S9). Upon receiving the balance acquisition request, the transaction history management unit 4a acquires the balance from the distributed ledger 42 based on the ledger address of the user and notifies the system management unit 52 (step S10).

Upon receiving the notification of the balance, the system management unit 52 compares the balance with the usage fee of the service providing device 7 and determines whether or not the service providing device 7 can be used (step S11). The system management unit 52 determines that it can be used when the balance is equal to or greater than the usage fee, and transmits a transaction execution request in virtual currency to the transaction history management unit 4a (step S12). The transaction execution request includes a user's ledger address (see FIG. 4), a ledger address of the service providing device 7, and a usage fee (see FIG. 5). FIG. 11 shows a description example of a transaction execution request.

Upon receiving the transaction execution request, the transaction history management unit 4a rewrites the ledger of the user and the ledger of the service providing device 7 to perform remittance (deposit / withdrawal) processing of virtual currency corresponding to the usage fee (step S13). .. The transaction history management unit 4a transmits a remittance process, that is, a transaction completion notification to the system management unit 52 when the transaction is completed (step S14).

Upon receiving the transaction completion notification, the system management unit 52 requests the time information management unit 55 to acquire the time (step S15). When the time information management unit 55 receives the time acquisition request, it acquires the current time from the time information and notifies the system management unit 52 (step S16).

Upon receiving the notification of the current time, the system management unit 52 requests the control rule generation unit 56a to generate the control rule (step S17). The control rule generation request includes the device address of the user terminal 9 (see FIG. 4), the device address of the service providing device 7 (see FIG. 5), and the current time information (see FIG. 6).

Upon receiving the control rule generation request, the control rule generation unit 56a generates a control rule (see FIG. 7) based on the device address, the current time information, and the like (step S18). FIG. 12 shows a description example of the control rule. When the control rule generation unit 56a generates a control rule, the control rule generation unit 56a requests the control rule storage unit 56b to store the control rule (step S19). Upon receiving the control rule storage request, the control rule storage unit 56b stores the control rule (step S20).

When the control rule storage unit 56b stores the control rule, the control rule storage unit 56b requests the control rule transmission unit 56c to transmit the control rule (step S21). Upon receiving the control rule transmission request, the control rule transmission unit 56c transmits the control rule to the transaction history management unit 4a (step S22). When the transaction history management unit 4a receives the control rule, the transaction history management unit 4a writes the control rule to the distributed ledger 42 (step S23) and manages it as a change history of the control rule. In the distributed ledger 42, the changer, the date and time of the change, the reason for the change, and the like are recorded together with the change contents of the control rule.

When the control rule transmission unit 56c receives the control rule transmission request, the control rule transmission unit 56c transmits the control rule to the relay processing unit 3a (step S24). When the relay processing unit 3a receives the control rule, the relay processing unit 3a converts the control rule and transfers it to the communication processing unit 2a (step S25).

When the communication processing unit 2a receives the control rule, the communication processing unit 2a stores the control rule in the control rule storage unit 22 (step S26). In the communication processing unit 2a, the communication (access) from the user terminal 9 to the service providing device 7 via the packet processing unit 23 is permitted by reflecting the new control rule stored in the control rule storage unit 22. To.
(Example of using information processing system)
Next, a usage example of the information processing system 1 will be described. FIG. 13 is a sequence diagram schematically showing a first usage example of the information processing system 1. The first usage example is an example in which the administrator terminal 6 requests a change in the control rule.

First, in the initial stage, access from the user terminal 9 to the service providing device 7 is prohibited by a control rule stored in advance in the communication processing unit 2a (step S100). In this case, the system administrator can log in to the management application 5a using the administrator terminal 6 and make a change request for the control rule (step S101).

The management application 5a changes the control rule based on the content of the request from the administrator terminal 6 (step S102), and transmits the changed new control rule to the transaction history management unit 4a (step S103). When the transaction history management unit 4a receives the changed control rule, the transaction history management unit 4a writes the control rule to the distribution ledger 42 (step S104). After that, the management application 5a and the transaction history management unit 4a perform a confirmation process of the history of the control rule written in the distributed ledger 42 (step S105).

Further, the management application 5a transmits the control rule to the relay processing unit 3a (step S106), and the relay processing unit 3a converts the control rule and transfers it to the communication processing unit 2a (step S107). The communication processing unit 2a changes the control rule by storing the new control rule received (step S108).

After that, when the service providing device 7 is accessed from the user terminal 9 (step S109), the access is permitted by the communication processing unit 2a (step S110). The service providing device 7 receives the access and responds (step S111), and the response is transmitted to the user terminal 9 via the communication processing unit 2a (step S112).

After that, the system administrator can confirm the change history of the control rule by using the administrator terminal 6. Specifically, the system administrator logs in to the management application 5a using the administrator terminal 6 and requests to acquire the change history of the control rule (step S200). When the management application 5a receives the change history acquisition request from the administrator terminal 6, the management application 5a requests the transaction history management unit 4a to acquire the change history (step S201).

Upon receiving the change history acquisition request, the transaction history management unit 4a reads the change history of the control rule recorded in the distributed ledger 42 (step S202), and transmits the read change history to the management application 5a (step S203). .. Then, the management application 5a causes the administrator terminal 6 to display a reference screen (see FIGS. 8 and 9) at which the change history can be referred to based on the received change history.

FIG. 14 is a sequence diagram schematically showing a second usage example of the information processing system 1. The second usage example is an example of changing the control rule by payment (transaction) of virtual currency.

First, in the initial stage, access from the user terminal 9 to the service providing device 7 is prohibited by a control rule stored in advance in the communication processing unit 2a (step S300).

The user can log in to the management application 5a using the user terminal 9 and request the use of the service providing device 7 (step S301). Upon receiving the usage request, the management application 5a makes a transaction request to the transaction history management unit 4a (step S302). When the balance is equal to or greater than the usage fee, the transaction history management unit 4a completes the transaction by performing the above-mentioned remittance (deposit / withdrawal) process (step S303), and the completion notification is transmitted to the management application 5a (step). S304). Upon receiving the completion notification, the management application 5a changes the control rule based on the content of the transaction (step S305), and transmits the changed new control rule to the transaction history management unit 4a (step S306).

Subsequent steps S307 to S315 are the same as the above-mentioned steps S104 to S112, and thus the description thereof will be omitted. Further, as in the first usage example, the system administrator can confirm the change history of the control rule by using the administrator terminal 6 (steps S200 to S204).

As described above, according to the information processing system 1 according to the present embodiment, when the control rule is changed, the changed control rule is recorded and managed in the distributed ledger 42 as a change history, so that a setting error or the like is made. If the control rule is changed by mistake, the past control rule can be restored, and the security can be improved.

Each function of the embodiment described above can be realized by one or more processing circuits. Here, the "processing circuit" in the present specification is a processor programmed to execute each function by software such as a processor implemented by an electronic circuit, or a processor designed to execute each function described above. It shall include devices such as ASIC (Application Specific Integrated Circuit), DSP (digital signal processor), FPGA (field programmable gate array) and conventional circuit modules.

The group of devices described in the embodiments is only one of a plurality of computing environments for implementing the embodiments disclosed herein.

In certain embodiments, the system management server 5 includes a plurality of computing devices, such as a server cluster. The plurality of computing devices are configured to communicate with each other over any type of communication link, including networks, shared memory, and the like, and perform the processes disclosed herein. Similarly, the transaction management server 4 can include a plurality of computing devices configured to communicate with each other. Further, each element of the system management server 5 and the transaction management server 4 may be integrated into one server device, or may be divided into a plurality of devices.

Further, the present invention is not limited to the requirements shown in the above embodiments. With respect to these points, the gist of the present invention can be changed without impairing the gist of the present invention, and can be appropriately determined according to the application form thereof.

The system management server 5 in this embodiment is an example of a control rule management device. The transaction management server 4 is an example of a transaction history management device. The SDN switch 2 is an example of a communication processing device.

1 Information processing system 2 SDN switch 2a Communication processing unit 3 SDN controller 3a Relay processing unit 4 Transaction management server 4a Transaction history management unit 5 System management server 5a Management application 6 Administrator terminal 7 Service providing equipment 8 Communication network 9 User terminal 21 Communication Department 22 Control rule storage unit 23 Packet processing unit 31 Communication unit 32 Conversion unit 41 Communication unit 42 Distributed ledger 43 Recording control unit 51 Communication unit 52 System management unit 53 User information management unit 54 Equipment information management unit 55 Time information management unit 56 Control Rule management unit 56a Control rule generation unit 56b Control rule storage unit 56c Control rule transmission unit 61 Communication unit 63 Display control unit 200, 300 Reference screen

JP-A-2010-262390

Claims (10)

A transaction history management unit that records and manages information about virtual currencies that are traded in response to access requests from user terminals to devices in a distributed ledger.
A communication processing unit that stores a control rule that controls access from the user terminal to the device and determines whether or not the access is possible based on the control rule.
After changing the control rule according to the transaction, the changed control rule is transmitted to the communication processing unit, and information about the changed control rule is transmitted to the transaction history management unit to the distributed ledger. Control rule management department to record and
Information processing system with. The information processing system according to claim 1, further comprising a relay processing unit that receives the control rule transmitted from the control rule management unit, changes the format, and transfers the control rule to the communication processing unit. The information processing according to claim 1 or 2, wherein the control rule management unit acquires the change history of the control rule from the transaction history management unit, and provides the administrator terminal with a reference screen that enables the change history to be referred to. system. The information processing system according to claim 3, wherein the control rule management unit can change the control rule by operating the administrator terminal. The information processing system according to any one of claims 1 to 4, wherein the control rule includes a start time for starting the access permission and an end time for ending the access permission. The information processing system according to any one of claims 1 to 5, wherein the control rule includes a communication priority indicating a communication priority. The information processing system according to any one of claims 1 to 6, wherein the communication processing unit is a function realized by an SDN switch. The information processing system according to any one of claims 1 to 7, wherein the device is a service providing device that provides a service in response to the transaction. The step of recording the information about the virtual currency traded in response to the access request from the user terminal to the device by the transaction history management department in the distributed ledger, and
After changing the control rule that controls access from the user terminal to the device according to the transaction, the changed control rule is transmitted to the communication processing unit, and the information related to the changed control rule is transmitted to the transaction history management unit. And the step of sending to and recording in the distributed ledger
A step of determining whether or not the access is possible based on the control rule by the communication processing unit,
Information processing method having. A transaction history management device that records and manages information about virtual currencies that are traded in response to access requests from user terminals to devices in a distributed ledger.
A communication processing device that stores a control rule that controls access from the user terminal to the device and determines whether or not the access is possible based on the control rule.
A control rule management device that communicates
The control rule is changed according to the transaction, the changed control rule is transmitted to the communication processing device, and information about the changed control rule is transmitted to the transaction history management device and recorded in the distributed ledger. Control rule management device to let.

Images